Nmap Cheat Sheet: Scans You’ll Actually Use (with Examples)

Updated on February 27, 2026 11 minutes read

Modern laptop on a tidy desk displaying Nmap scan results in a terminal, with notebook and coffee cup—cybersecurity network scanning cheat sheet cover image.

Frequently Asked Questions

Is Nmap legal to use?

Yes, when you scan systems you own or have explicit permission to test. Unauthorized scanning can be illegal and may disrupt services.

What’s the best Nmap scan for beginners?

Start with nmap <target> to find open TCP ports, then use -sV to identify services. Add -sC in a lab to get more context without going too aggressive.

What does “filtered” mean in Nmap results?

“Filtered” usually means a firewall blocked the probe, so Nmap can’t confirm if the port is open. It’s a visibility limitation, not proof that a system is safe.

Why are UDP scans so slow?

UDP services often don’t respond clearly, so Nmap must wait longer before deciding a port’s state. Start with a small list of UDP ports instead of scanning all of them.

Do I need sudo/admin privileges to run Nmap?

Some scans (like SYN scans -sS and OS detection -O) commonly require elevated privileges. If you can’t use sudo, try -sT for a TCP connect scan.

Career Services

Personalized career support to help you launch your tech career. Get résumé reviews, mock interviews, and industry insights—so you can showcase your new skills with confidence.